Chromium Code Reviews Chromium Code Reviews
Issue 1845113003:
Certificate Transparency: Start tracking logs' state (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ | |
| 6 #define COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ | |
| 7 | |
| 8 #include <map> | |
| 9 #include <string> | |
| 10 | |
| 11 #include "base/memory/ref_counted.h" | |
| 12 #include "base/time/time.h" | |
| 13 #include "net/cert/ct_verifier.h" | |
| 14 #include "net/cert/signed_tree_head.h" | |
| 15 #include "net/cert/sth_observer.h" | |
| 16 | |
| 17 namespace net { | |
| 18 class CTLogVerifier; | |
| 19 class X509Certificate; | |
| 20 | |
| 21 namespace ct { | |
| 22 struct SignedCertificateTimestamp; | |
| 23 } // namespace ct | |
| 24 | |
| 25 } // namespace net | |
| 26 | |
| 27 namespace certificate_transparency { | |
| 28 | |
| 29 // Tracks the state of an individual Certificate Transparency Log's Merkle Tree. | |
| 30 // A CT Log constantly issues Signed Tree Heads, for which every older STH must | |
| 31 // be incorporated into the current/newer STH. As new certificates are logged, | |
| 32 // new SCTs are produced, and eventually, those SCTs are incorporated into the | |
| 33 // log and a new STH is produced, with there being an inclusion proof between | |
| 34 // the SCTs and the new STH, and a consistency proof between the old STH and the | |
| 35 // new STH. | |
| 36 // This class receives STHs provided by/observed by the embedder, with the | |
| 37 // assumption that STHs have been checked for consistency already. As SCTs are | |
| 38 // observed, their status is checked against the latest STH to ensure they were | |
| 39 // properly logged.. If an SCT is newer than the latest STH, then this class | |
| 40 // verifies that when an STH is observed that should have incorporated those | |
| 41 // SCTs, the SCTs are present. | |
|
Ryan Sleevi
2016/05/18 16:58:18
s/are present/are present in the log./
Eran Messeri
2016/05/19 12:35:00
Done.
| |
| 42 // | |
| 43 // To accomplish this, this class needs to be notified of when new SCTs are | |
| 44 // observed (which it does by implementing net::CTVerifier::Observer) and when | |
| 45 // new STHs are observed (which it does by implementing net::ct::STHObserver). | |
| 46 // Once connected to sources providing that data, the status for a given SCT | |
| 47 // can be queried by calling GetLogEntryInclusionCheck. | |
| 48 class SingleTreeTracker : public net::CTVerifier::Observer, | |
| 49 public net::ct::STHObserver { | |
| 50 public: | |
| 51 // TODO(eranm): This enum will expand to include check success/failure, | |
| 52 // see crbug.com/506227 | |
| 53 enum SCTInclusionStatus { | |
| 54 // SCT was not observed by this class and is not currently pending | |
| 55 // inclusion check. As there's no evidence the SCT this status relates | |
| 56 // to is verified (it was never observed via OnSCTVerified), nothing | |
| 57 // is done with it. | |
| 58 SCT_NOT_OBSERVED, | |
| 59 | |
| 60 // SCT was observed but the STH known to this class is not old | |
| 61 // enough to check for inclusion, so a newer STH is needed first. | |
| 62 SCT_PENDING_NEWER_STH, | |
| 63 | |
| 64 // SCT is known and there's a new-enough STH to check inclusion against. | |
| 65 // Actual inclusion check has to be performed. | |
| 66 SCT_PENDING_INCLUSION_CHECK | |
| 67 }; | |
| 68 | |
| 69 explicit SingleTreeTracker(scoped_refptr<const net::CTLogVerifier> ct_log); | |
| 70 ~SingleTreeTracker() override; | |
| 71 | |
| 72 // net::ct::CTVerifier::Observer implementation. | |
| 73 | |
| 74 // TODO(eranm): Extract CTVerifier::Observer to SCTObserver | |
| 75 // Performs an inclusion check for the given certificate if the latest | |
| 76 // STH known for this log is older than sct.timestamp + Maximum Merge Delay, | |
| 77 // enqueues the SCT for future checking later on. | |
| 78 // TODO(eranm): Make sure not to perform any synchronous, blocking operation | |
| 79 // here as this callback is invoked during certificate validation. | |
| 80 // Should only be called with SCTs issued by the log this instance tracks. | |
| 81 void OnSCTVerified(net::X509Certificate* cert, | |
| 82 const net::ct::SignedCertificateTimestamp* sct) override; | |
| 83 | |
| 84 // net::ct::STHObserver implementation. | |
| 85 // After verification of the signature over the |sth|, uses this | |
| 86 // STH for future inclusion checks. | |
| 87 // Must only be called for STHs issued by the log this instance tracks. | |
| 88 void NewSTHObserved(const net::ct::SignedTreeHead& sth) override; | |
| 89 | |
| 90 // Returns the status of a given log entry that is assembled from | |
| 91 // |cert| and |sct|. If |cert| and |sct| were not previously observed, | |
| 92 // |sct| is not an SCT for |cert| or |sct| is not for this log, | |
| 93 // SCT_NOT_OBSERVED will be returned. | |
| 94 SCTInclusionStatus GetLogEntryInclusionStatus( | |
| 95 net::X509Certificate* cert, | |
| 96 const net::ct::SignedCertificateTimestamp* sct); | |
| 97 | |
| 98 private: | |
| 99 // Holds the latest STH fetched and verified for this log. | |
| 100 net::ct::SignedTreeHead verified_sth_; | |
| 101 | |
| 102 // The log being tracked. | |
| 103 scoped_refptr<const net::CTLogVerifier> ct_log_; | |
| 104 | |
| 105 // List of log entries pending inclusion check. | |
| 106 // TODO(eranm): Rather than rely on the timestamp, extend to to use the | |
| 107 // whole MerkleTreeLeaf (RFC6962, section 3.4.) as a key. See | |
| 108 // https://crbug.com/506227 | |
| 109 std::map<base::Time, SCTInclusionStatus> entries_status_; | |
| 110 | |
| 111 DISALLOW_COPY_AND_ASSIGN(SingleTreeTracker); | |
| 112 }; | |
| 113 | |
| 114 } // namespace certificate_transparency | |
| 115 | |
| 116 #endif // COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ | |
| OLD | NEW |
